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We analyzed the security of the secure direct communication protocol based on secret transmitting 
order of particles recently proposed by Zhu, Xia, Fan, and Zhang [Phys. Rev. A 73, 022338 (2006)], 
and found that this scheme is insecure if an eavesdropper, say Eve, wants to steal the secret message 
with Trojan horse attack strategies. The vital loophole in this scheme is that the two authorized 
users check the security of their quantum channel only once. Eve can insert another spy photon, 
an invisible photon or a delay one in each photon which the sender Alice sends to the receiver Bob, 
and capture the spy photon when it returns from Bob to Alice. After the authorized users check 
the security, Eve can obtain the secret message according to the information about the transmitting 
order published by Bob. Finally, we present a possible improvement of this protocol. 

PACS numbers: 03.67.Hk, 03.65.Ud 



I. INTRODUCTION 

Since an original quantum key distribution (QKD) 
scheme was proposed by Bennett and Brassard [l[ in 1984 
(BB84), quantum communication has progressed quickly. 
There are several remarkable branches ofquantum com- 
munication, such as QKD @, H, 0, IE B H Hi > quantum 
secret sharing HIGH El, quantum secure direct commu- 
nication (QSDC), and so on. QKD whose task is to create 
a private key between two remote authorized users is one 
of the most important applications of quantum mechan- 
ics in the field of information. By far, there has been a 
lot of attention focused on QKD 0, i, i, 0, i, 0, 1- 

QSDC is a new branch of quantum communication and 
is used to transmit a secret message directly without 
creating a private key in advance [T3, [H, 0, [lj| [lj|. 
In 2002, Bostrom and Felbinger proposed a quasi-secure 
quantum direct communication protocol, called "ping- 
pong" protocol [HI . They used Einstein-Podolsky- Rosen 
(EPR) pairs as quantum information carriers (QIC), fol- 
lowing some ideas in quantum dense coding [17|. How- 
ever, it has been proved insecure in a noise channel [l8l |. 
In 2003, Deng et al. put forward a two-step QSDC pro- 
tocol using a block of EPR pairs 11211 and another one 
with a sequence of single photons [TJ. Wang et al. [Tij 
introduced a high-dimension QSDC scheme. 

Another class of quantum communication has been 
called deterministic secure quantum communication 
(DSQC) in which the receiver can read out the se- 
cret message only after the transmission of an additional 
classical bit for each qubit, different from QSDC in which 
the secret message can be read out directly without ex- 



changing classical information anymore. Compared with 
QKD, DSQC can be used to obtain a deterministic in- 
formation, other than a random binary string. Recently, 
Gao et al. [2(| HI and Man et al. [22[ proposed several 
DSQC protocols based on quantum teleportation [23| and 
entanglement swapping [24| . Although the users have to 
exchange a lot of classical information to obtain the secret 
message, they can check the eavesdropping before they 
transmit the secret message, and the qubits which carry 
the secret message need not be transmitted again after 
the users check eavesdropping. Therefore these schemes 
may be more secure in a noise channel and more conve- 
nient for quantum error correction [l9j . 

Recently, Zhu et al. (2f| proposed a new secure direct 
communication protocol using EPR pairs as QIC (We 
called it ZXFZ protocol for short below), similar to the 
two-step QSDC protocol [l|. The transmitting order 
of particles is secret to any other people except for the 
sender, and the most important advantage emphasized is 
that this protocol only needs one security checking pro- 
cess. However, we found this scheme is insecure just due 
to lack of sufficient security-checking processes. We can 
use the Trojan horse attack strategy Q to get the se- 
cret message completely without leaving a trace. In this 
paper, we first review the protocol they proposed and 
then introduce the way to eavesdrop it freely. Finally, 
we present a possible improvement of this secure direct 
communication scheme. 



II. EAVESDROPPING ON THE SECURE 
DIRECT COMMUNICATION PROTOCOL 
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It is well known that a crucial issue of secret commu- 
nication is its security. The security of quantum commu- 
nication is guaranteed by the principles in quantum me- 
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chanics against an eavesdropper with unlimited powers, 
whose technology is confined only by the laws of quantum 
mechanics. For QSDC or DSQC protocols, their security 
is more important than that in QKD protocols because 
they are used to transmit a secret message, other than a 
private key. 

Now, let us start with the brief description of the 
ZXFZ protocol (25J. First, Alice and Bob agree that 
the four unitary operations U = |0)(0| + |1)(1|, U\ — 
|0)(0|-|1)<1|, U 2 = |0)<1| + |1)(0|, and U 3 = |0)(1|-|1)<0| 
represent two bits of classical information 00, 11, 10, and 
10, respectively. Alice prepares a sequence of EPR pairs 
in one of the four Bell states, say 1^}, = -j=(\0) H . |1)t; — 
|0}ri), and then divides them into two parter-photon 
sequences. She keeps one sequence (home sequence) in 
her laboratory and sends the other sequence (travel se- 
quence) to Bob through a quantum channel. After re- 
ceiving the travel sequence, Bob chooses a sufficiently 
large subset of photons as a checking set (C set) and the 
rest as a message set (M set). Bob encodes his check- 
ing message and secret message by performing the four 
unitary operations Ui (i = 0,1,2,3) on the C set and 
the M set respectively. Then Bob rearranges the order 
of the T sequence and returns them to Alice. After Alice 
claims her receipt of all the T sequence, Bob announces 
the position of the C set and the secret order in it. Al- 
ice performs the Bell-state measurements on the checking 
photons and publishes the results. Bob can distinguish 
whether there is an eavesdropper monitoring their quan- 
tum line by comparing his checking message with Alice's 
outcomes. If there exists an eavesdropper, Bob termi- 
nates the communication. Otherwise, he exposes the se- 
cret order of the M set, and then Alice can obtain the 
secret message with Bell-state measurements. 

The security of the ZXFZ scheme [25| is based on the 
secret order of the particles. However, the secret order 
will be published by Bob after the security checking. One 
can see that the two authorized users only check the se- 
curity once in the line from Bob to Alice. The secret 
message is encoded with the unitary operations done by 
Bob. If Alice and Bob cannot detect the eavesdropper 
during the checking process, Eve can get the secret or- 
der and the whole secret message. The eavesdropper can 
utilize the loophole that the users do not check the secu- 
rity of the quantum channel from Alice to Bob to insert 
some additive photons in each legitimate one to get Bob's 
operation information freely. There are two kinds of Tro- 
jan horse attack strategies. One is the invisible photon 
eavesdropping (IPE) scheme proposed by Cai [26| and 
the other is the delay-photon Trojan horse attack[5|, H3| • 

Firstly, the invisible photon eavesdropping scheme uti- 
lizes the fact that the single photon detector is only sensi- 
tive to the photons with a special wavelength [26| . There- 
fore, Eve can select a wavelength far away from that the 
authorized users use, which is invisible to Bob's detector. 
But there exist some problems if Eve uses the IPE to at- 
tack the quantum communication protocols in which the 
wavelength-dependent optical devices are used to code 



the useful information. That is, Eve maybe obtain noth- 
ing about the information of the operations done by the 
legitimate users with optical devices (such as A/2 and 
A/4 plates) if the wavelength of the invisible photon is 
far away from that used by the users. However, it is 
worthy to point out that no security checking is per- 
formed in the line from Alice to Bob, which is a serious 
security loophole of the ZXFZ protocol [253. Eve can 
choose a special wavelength which is close to the legit- 
imate wavelength to produce the invisible photons. As 
we assumed Eve has absolutely no technological 

limits for her eavesdropping; i.e., she can do everything 
that quantum mechanics does not explicitly forbid. Since 
the number of photons and the polarization of a photon 
are commutative, Eve can insert a spy photon in each 
signal pulse and sort it out without disturbing the state 
of the travel photon of Alice's in principle. Now we ana- 
lyze the attack scheme in detail. First, the eavesdropper 
Eve prepares a sequence of EPR pairs with the wave- 
length A' (The legitimate wavelength is A, A' « A. Eve 
can distinguish them in principle even though there may 
be no those devices existing at present.) also in the state 
|tjr') i( = i (|o) H( ,|l) r ., -|l) H .,|Q) Tj/ ). When Alice sends 

the T sequence to Bob, Eve adds her T 1 sequence to the 
T sequence and forwards them to Bob. In detail, Eve 
inserts each photon T" into the photon T's pulse. When 
Bob performs his unitary operation on the T sequence, 
he also performs his operation on the T" sequence Eve 
sent. After Bob rearranges the order of the T sequence, 
Eve captures her spy photons when they run back from 
Bob to Alice, and stores them. It is important to point 
out that all of the operations Eve does have no effect on 
the secret order and the secret states of the Alice's T 
sequence. Since the optical devices used to accomplish 
the unitary operations are often wavelength-dependent in 
practical, the information carried by Eve's additional se- 
quence T' is not as exactly same as the photon sequence 
T in the line from Bob to Alice. However, since A' is close 
to A, the probability that Eve obtain the correct outcome 
with her Bell-state measurements is close to 1. In other 
words, almost all the information about the secret mes- 
sage will be leaked to Eve without being detected. After 
Alice and Bob accomplish the security checking, Eve can 
rearrange the sequence order according to the informa- 
tion published by Bob, and do the same measurements as 
Alice to obtain Bob's secret message with a large proba- 
bility in principle. 

Secondly, the delay-photon Trojan horse attack [27| is 
inserting a spy photon in a legitimate signal with a de- 
lay time, shorter than the time windows. As we know, 
in experiment there is a "door" (a time window) of the 
optical device which is open only during a short time, 
i.e., only when the qubits arrive. In order to limit the 
Trojan horse attack, the door should be open only dur- 
ing a time as short as possible (28|. However, in practice, 
timing has a finite accuracy, the eavesdropper Eve with 
a infinite power can add her probes before or after the 
legitimate pulses. Different from the IPE attack, the de- 
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lay spy photon has the same wavelength as the legitimate 
photon. Therefore the spy photon sequence T" will carry 
the same information as the legitimate T sequence. Eve 
can prepare the EPR pair sequence in the same state 
= 73(|0}jr 4 „|l>T 4 „ - |l)ff,„|0)T 4 „), and insert her 
T" sequence into the T sequence when Alice sends it to 
Bob. In detail, Eve inserts each T" photon after each T 
pulse with a delay time which is shorter than the time 
windows of Bob's optical devices. Since the T" photons 
have the same wavelength as the T photons, Bob will 
perform the exact same operation on the T" sequence 
when he performs his unitary operations on the T se- 
quence. Eve sorts out her T" photons when Bob returns 
them back to Alice, and rearranges the order according 
to the information published by Bob after Alice and Bob 
complete their eavesdropping checking. Thus Eve can 
perform the Bell-state measurement on her spy photons 
and get the secret message fully and freely. 

Certainly, these attack schemes also work for the other 
QSDC protocols, such as those in Refs. [H, [3 [HI ]. 
However, the user can exploit a complex eavesdropping- 
checking process to avoid it [13] • As there is not eaves- 
dropping checking when the photons are transmitted 
from the sender Alice to the receiver Bob in the ZXFZ 
protocol [HI], this attack cannot be detected in principle. 

III. IMPROVEMENT TO DEFEAT THE 
TROJAN HORSE ATTACK 

In order to defeat Eve's IPE attack, a filter with which 
only the wavelengths close to the operating one can be 
let in should be added before all of the Bob's devices. 
In this way, Eve's invisible photons will be filtered out. 
Moreover, a photon number splitter (PNS: 50/50), which 
is used to divide each signal into two pieces, should be 
introduced to defeat the delay-photon Trojan horse at- 
tack. Thus, with the PNS and two single-photon mea- 
surements the users can distinguish whether there exists 
a multiphoton signal (including the delay-photon signal 
and the invisible photon whose wavelength is so close to 
the legitimate one that it cannot be filtered out with the 
filter). Although a PNS is not feasible with current tech- 
nology, the users can use a photon beam splitter (PBS: 
50/50) to prevent Eve from stealing the secret message 
with a little modification [27| . 

In order to improve the security of the ZXFZ proto- 
col [25j], we have to take these two kinds of attacks into 
account. For integrity, we describe the improved ZXFZ 
protocol in steps as follows. 

(1) Alice prepares a sequence of EPR pairs in the state 
^ = _i=(|0) ff Jl) T . - |l)fl- 4 |0) Ti ) and divides them into 

two sequences, the home (H) sequence and the travel 
(T) sequence, same as Refs. [13, HH- She sends the T 
sequence to Bob. 

(2) Bob inserts a filter in front of his devices to filter 
out the photon signal with an illegitimate wavelength, 
and then chooses a sufficiently large subset of photons 



randomly. He splits each sampling signal with a PNS 
and measures the two signals after the PNS with the 
two measure bases a z and a x chosen randomly. If the 
multiphoton rate is unreasonable high, Bob terminates 
the transmission and repeats the communication from 
the beginning. Otherwise, he continues to the next step. 

(3) Bob chooses a large subset of photons from the pho- 
tons remained as checking set (C set) and the others as 
the message set (M set). He encodes his message (check- 
ing message and secret message) by performing one of 
the four unitary operations Ui (i = 0,1,2,3). Then he 
disturbs the initial order of the photons in the T sequence 
and returns them to Alice. 

(4) After Alice announces the receipt of all the T pho- 
tons, Bob tells her the position and the order of the C set. 
Alice performs the Bell-state measurement on the pho- 
tons in the C set and publishes the results with which Bob 
can estimates the security of the transmission. If there is 
an eavesdropper, Bob stops the communication. Other- 
wise, Bob publishes the order of the M set, and Alice can 
obtain the secret message with Bell-state measurements. 

The improved ZXFZ protocol introduces a filter and 
another eavesdropping-checking process to defeat the 
IPE and the delay-photon Trojan horse attacks. In prin- 
ciple, the eavesdropper Eve with a infinite power can al- 
ways find loopholes in quantum communication protocols 
with a non-ideal quantum channel. Our improvement 
can only counter the attacks we have already known. If 
some sophisticate Trojan horse attacks would be put for- 
ward in the future, we should choose a more complex 
eavesdropping-check way. The sticking point we want 
to emphasis is that two times of security checking is in- 
evitable to ensure this bidirectional secure communica- 
tion, same as those in the two-step protocol [1 21 ] . In this 
way, the origin ZXFZ protocol [25| cannot improve the 
efficiency of secure communication and has no superior- 
ity, compared with the two-step QSDC scheme [12j, not 
the case announced by the authors [25| . It is worthy to 
point out that if the authorized users perform the secu- 
rity checking twice, the step to disturb the order of the 
photons in the T sequence can be reduced, and Alice can 
read out the secret message directly without the infor- 
mation of the order Bob published if Bob also has the 
capability of storing the quantum states. In this way, 
the protocol is equivalent to the QSDC scheme proposed 
by Wang et al. [lj|. On the other hand, the improved 
ZXFZ protocol is useful if one of the two users, i.e., the 
sender of the secret message (Bob), does not have the 
device for storing quantum states. In this time, Bob can 
sample some photons from the T sequence synchronously 
for checking eavesdropping in the line from Alice to Bob, 
and then disturbs the orders of the others after encod- 
ing the message. The process for eavesdropping checking 
of the line from Alice to Bob needs not the storage of 
the other photons, which will reduce the requirements 
on Bob's devices largely in a practical application. 
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IV. DISCUSSION AND SUMMARY 

In Ref. [251, the authors also proposed a one-way se- 
cure direct communication scheme based on the secret 
transmitting order of particles with EPR pairs. We found 
this scheme is secure in an ideal quantum channel. Also, 
the authors announced that their one-way scheme greatly 
reduces the opportunity of the particles being intercepted 
than the two-step protocol [H| . Unfortunately, we found 
that the opportunity of the particles being intercepted in 
these two schemes is the same one. In both schemes 27V 
(TV is the number of EPR pairs used) particles were trans- 
mitted from Alice to Bob. The only difference between 
those two protocols is that the 27V particles is transmit- 
ted in one step in the one-way scheme [HJ] and through 
two steps in the two-step protocol [13] • In the two-step 
protocol the receiver can read out the secret message di- 
rectly. But in this one-way scheme, for each qubit infor- 
mation to be understood at least one additional classical 
bit of information is exchanged. Both these two proto- 
cols need the quantum memory. Suppose the times for 
the transmission of the photons and the classical infor- 
mation transmitted from one user to the other both are 
t (Let us neglect the time for measurement and com- 
parison). We found that the receiver needs to store the 
27V particles at least for it time in the one-way scheme 
[H| and he stores TV particles at least for 2t time in the 
two-step scheme [Hj]. In detail, in the one-way scheme 
[I|| the receiver (Bob) should first tells the sender (Al- 
ice) the information that he has received all the photons, 
and then Alice publishes the positions of the photons in 
the checking set (i.e., C set) and their orders. After Bob 
transmits the outcomes of the C set to Alice, she tells 
him the orders of the other photons. That is, Bob at 
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parties only execute one security-checking process. We 
proved that the eavesdropper can get Bob's secret mes- 
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